“Phishing without a lure” is an increasingly common attack style, the Anti-Phishing Working Group said in its February Phishing Activity Trends report.
Phishing is a form of online identity theft that commonly uses spoofed e-mails to lure consumers to fraudulent Web sites that may look just like a bank’s or credit card company’s. Consumers are asked to “verify their accounts” by providing valuable personal information, such as credit card numbers, passwords and PINs, Social Security numbers and addresses. Crooks then use this information to make purchases, drain accounts or hijack identities.
Phishing without a lure, known as “pharming,” is more sophisticated and harder to detect.
“Pharming is a class of navigational attacks that seeks to corrupt the navigational infrastructure the consumer sees, to trick him into going places he’s really not supposed to or obscure the fact he’s visiting places he didn’t want to go,” said Peter Cassidy, secretary general of the Anti-Phishing Working Group and director of research for Triarche Research Group, a custom industrial research company.
In these schemes, crooks surreptitiously slip malicious code onto someone’s computer that modifies the hosts file; when the person types in a URL and the browser checks the hosts file for the IP address, the malware will send the person off to a bogus site, Cassidy said.
In a variation known as a “man in the middle” attack, thugs overwrite IP addresses in the hosts file to send the user to a legitimate site by way of a proxy that will then log keystrokes, stealing login information used to access bank accounts.
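As an added illustration of the hosts-file tampering described above (this is not code from the report or from the Anti-Phishing Working Group), here is a short Python check that parses a hosts file and flags entries pinning a watched brand domain to an address other than loopback; the sample hosts file and the domain names in it are constructed.

```python
"""Detect hosts-file pharming: flag entries that redirect watched brand
domains to addresses that are neither loopback nor the unspecified address."""
import ipaddress

# Constructed sample hosts file (not a real capture): benign localhost
# lines, a blocklist-style entry, and one pharming-style override that
# points a bank domain at a public address.
SAMPLE_HOSTS = """\
# Hosts file (constructed sample)
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.44      www.examplebank.test examplebank.test   # injected entry
0.0.0.0         ads.example.test
"""

def parse_hosts(text):
    """Yield (ip_address, hostname) pairs; comments, blank lines and
    malformed lines are skipped, and one line may name several hosts."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid address, so not a resolvable entry
        for host in fields[1:]:
            yield ip, host.lower()

def suspicious_entries(text, watched_domains):
    """Return (ip, host) entries that pin a watched domain, or a subdomain
    of it, to a routable address. Loopback and 0.0.0.0 entries are skipped
    because ad/malware blocklists legitimately use them."""
    hits = []
    for ip, host in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        for dom in watched_domains:
            if host == dom or host.endswith("." + dom):
                hits.append((str(ip), host))
                break
    return hits

if __name__ == "__main__":
    for ip, host in suspicious_entries(SAMPLE_HOSTS, ["examplebank.test"]):
        print(f"WARNING: {host} is pinned to {ip} in the hosts file")
```

On a real machine the same function would be run over /etc/hosts or the Windows hosts file, with the watch list built from the bank and payment brands the organisation cares about.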
One alarming trend is phishers’ move downscale. While they used to target the largest companies, such as eBay and its payment subsidiary PayPal, and major financial institutions such as Washington Mutual, they’ve begun mimicking regional banking sites and smaller Web retailers.
The report, compiled with research from Websense Security Labs and Tumbleweed Message Protection Lab, reported 13,141 new, unique phishing e-mail messages in February 2005, more than a 2 percent increase over January. The average monthly growth rate in attacks since July 2004 was 26 percent.
But the rise in attacks could show that the success rate has gone down, Cassidy said. “The defenses and shields go up on the brand holders’ end, so the effectiveness of attacks goes down. In response, attackers increase the volume, adding more servers and shipping more phishmail.”
There were 2,625 active phishing sites reported in February. The average time for a bogus site to stay online was 5.7 days, but at least one was active for 30 days. A total of 64 brands were hijacked by phishing campaigns that month, the working group said, although just six brands were the victims of 80 percent of the exploits.
The United States continued as the top host country for bogus sites, with more than 37 percent of all fraudulent sites originating there. China was the next most common host of phishers, with 28 percent hosted.
The Anti-Phishing Working Group is an industry association focused on eliminating the identity theft and fraud resulting from phishing, pharming and e-mail spoofing.
Cassidy said anti-virus and anti-spyware products do provide some protection. He advised consumers to install products recommended by their ISPs and to make sure to enable auto updates.
“Every indication is that conventional phishing effectiveness is not doing that well,” Cassidy said. “But they keep investing in it, so apparently there’s still ROI there.”